Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Graphical Models for Security

GraMSec 2019: Graphical Models for Security pp 23–49Cite as

Attack Trees: A Notion of Missing Attacks

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11720))

Abstract

Attack trees are widely used for security modeling and risk analysis. Classically, an attack tree combines possible actions of the attacker into attacks. In most existing approaches, an attack tree represents generic ways of attacking a system, but without taking any specific system or its configuration into account. This means that such a generic attack tree may contain attacks that are not applicable to the analyzed system, and also that a given system could enable some attacks that the attack tree did not capture.

To overcome this problem, we extend the attack tree setting with a model of the analyzed system, allowing us to introduce precise path semantics of an attack tree and to define missing attacks. We investigate the missing attack existence problem and show how to solve it by calls to the NP oracle that answers the trace attack tree membership problem; the latter problem has been implemented and is available as an open source prototype.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    This holds under the assumption that \({P} \ne {NP} \).

  2. 2.

    In the full MAE problem, all (strong and weak) operators are allowed.

References

  1. Amenaza: SecurITree (2001–2013). http://www.amenaza.com/

  2. Audinot, M., Pinchinat, S., Kordy, B.: Is my attack tree correct? In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10492, pp. 83–102. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66402-6_7

    Chapter  Google Scholar 

  3. Audinot, M., Pinchinat, S., Kordy, B.: Guided design of attack trees: a system-based approach. In: CSF, pp. 61–75. IEEE Computer Society (2018)

    Google Scholar 

  4. Audinot, M., Pinchinat, S., Schwarzentruber, F., Wacheux, F.: Deciding the non-emptiness of attack trees. In: Cybenko, G., Pym, D., Fila, B. (eds.) GraMSec 2018. LNCS, vol. 11086, pp. 13–30. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-15465-3_2

    Chapter  Google Scholar 

  5. Baier, C., Katoen, J.: Principles of Model Checking. MIT Press, Cambridge (2008)

    MATH  Google Scholar 

  6. Berman, P., Karpinski, M., Scott, A.D.: Approximation hardness of short symmetric instances of MAX-3SAT. Electronic Colloquium on Computational Complexity (ECCC) 10(049) (2003). http://eccc.hpi-web.de/eccc-reports/2003/TR03-049/index.html

  7. EAC Advisory Board and Standards Board: Election Operations Assessment - Threat Trees and Matrices and Threat Instance Risk Analyzer (TIRA) (2009). https://www.eac.gov/assets/1/28/Election_Operations _Assessment_Threat_Trees_and_Matrices_and_Threat_Instance_Risk_Analyzer_(TIRA).pdf

  8. Gadyatskaya, O., Harpes, C., Mauw, S., Muller, C., Muller, S.: Bridging two worlds: reconciling practical risk assessment methodologies with theory of attack trees. In: Kordy, B., Ekstedt, M., Kim, D.S. (eds.) GraMSec 2016. LNCS, vol. 9987, pp. 80–93. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46263-9_5

    Chapter  Google Scholar 

  9. Gadyatskaya, O., Jhawar, R., Mauw, S., Trujillo-Rasua, R., Willemse, T.A.C.: Refinement-aware generation of attack trees. In: Livraga, G., Mitchell, C. (eds.) STM 2017. LNCS, vol. 10547, pp. 164–179. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-68063-7_11

    Chapter  Google Scholar 

  10. Hong, J.B., Kim, D.S., Chung, C., Huang, D.: A survey on the usability and practical applications of Graphical Security Models. Comput. Sci. Rev. 26, 1–16 (2017)

    Article  MathSciNet  Google Scholar 

  11. Isograph: AttackTree+ (2004–2005). http://www.isograph-software.com/atpover.htm

  12. Ivanova, M.G., Probst, C.W., Hansen, R.R., Kammüller, F.: Attack tree generation by policy invalidation. In: Akram, R.N., Jajodia, S. (eds.) WISTP 2015. LNCS, vol. 9311, pp. 249–259. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24018-3_16

    Chapter  Google Scholar 

  13. Jhawar, R., Kordy, B., Mauw, S., Radomirović, S., Trujillo-Rasua, R.: Attack trees with sequential conjunction. In: Federrath, H., Gollmann, D. (eds.) SEC 2015. IAICT, vol. 455, pp. 339–353. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18467-8_23

    Chapter  Google Scholar 

  14. Jürgenson, A., Willemson, J.: Computing exact outcomes of multi-parameter attack trees. In: Meersman, R., Tari, Z. (eds.) OTM 2008. LNCS, vol. 5332, pp. 1036–1051. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88873-4_8

    Chapter  Google Scholar 

  15. Kordy, B., Piètre-Cambacédès, L., Schweitzer, P.: DAG-based attack and defense modeling: don’t miss the forest for the attack trees. Comput. Sci. Rev. 13–14, 1–38 (2014)

    Article  Google Scholar 

  16. Kordy, B., Wideł, W.: On quantitative analysis of attack–defense trees with repeated labels. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 325–346. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89722-6_14

    Chapter  Google Scholar 

  17. Mantel, H., Probst, C.W.: On the meaning and purpose of attack trees. In: CSF, pp. 184–199. IEEE Computer Society (2019)

    Google Scholar 

  18. Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006). https://doi.org/10.1007/11734727_17

    Chapter  Google Scholar 

  19. National Electric Sector Cybersecurity Organization Resource (NESCOR): Analysis of selected electric sector high risk failure scenarios, version 2.0 (2015). http://smartgrid.epri.com/doc/NESCOR

  20. Pinchinat, S., Acher, M., Vojtisek, D.: Towards synthesis of attack trees for supporting computer-aided risk analysis. In: Canal, C., Idani, A. (eds.) SEFM 2014. LNCS, vol. 8938, pp. 363–375. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-15201-1_24

    Chapter  Google Scholar 

  21. Pinchinat, S., Acher, M., Vojtisek, D.: ATSyRa: an integrated environment for synthesizing attack trees. In: Mauw, S., Kordy, B., Jajodia, S. (eds.) GraMSec 2015. LNCS, vol. 9390, pp. 97–101. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29968-6_7

    Chapter  Google Scholar 

  22. Saffidine, A., Cong, S.L., Pinchinat, S., Schwarzentruber, F.: The Packed Interval Covering Problem is NP-complete. CoRR abs/1906.03676 (2019). http://arxiv.org/abs/1906.03676

  23. Schneier, B.: Attack trees. Dr. Dobb’s J. 24(12), 21–29 (1999)

    Google Scholar 

  24. Stockmeyer, L.J.: The polynomial-time hierarchy. Theoret. Comput. Sci. 3(1), 1–22 (1976)

    Article  MathSciNet  Google Scholar 

  25. Vigo, R., Nielson, F., Nielson, H.R.: Automated generation of attack trees. In: CSF, pp. 337–350. IEEE Computer Society (2014)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Univ Rennes, CNRS, IRISA, Rennes, France

    Sophie Pinchinat & Florence Wacheux

  2. Univ Rennes, INSA Rennes, CNRS, IRISA, Rennes, France

    Barbara Fila

  3. Sorbonne Université, CNRS, LIP6, Paris, France

    Yann Thierry-Mieg

Authors
  1. Sophie Pinchinat
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Barbara Fila
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Florence Wacheux
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yann Thierry-Mieg
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sophie Pinchinat .

Editor information

Editors and Affiliations

  1. George Mason University , Fairfax, VA, USA

    Massimiliano Albanese

  2. University of Luxembourg, Esch-sur-Alzette, Luxembourg

    Ross Horne

  3. Unitec Institute of Technology, Auckland, New Zealand

    Christian W. Probst

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Pinchinat, S., Fila, B., Wacheux, F., Thierry-Mieg, Y. (2019). Attack Trees: A Notion of Missing Attacks. In: Albanese, M., Horne, R., Probst, C. (eds) Graphical Models for Security. GraMSec 2019. Lecture Notes in Computer Science(), vol 11720. Springer, Cham. https://doi.org/10.1007/978-3-030-36537-0_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-36537-0_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-36536-3

  • Online ISBN: 978-3-030-36537-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation